Back to index...
/*
 * Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
package sun.security.jca;
import java.io.File;
import java.lang.reflect.*;
import java.util.*;
import java.security.*;
import sun.security.util.PropertyExpander;
/**
 * Class representing a configured provider which encapsulates configuration
 * (provider name + optional argument), the provider loading logic, and
 * the loaded Provider object itself.
 *
 * @author  Andreas Sterbenz
 * @since   1.5
 */
final class ProviderConfig {
    private static final sun.security.util.Debug debug =
        sun.security.util.Debug.getInstance("jca", "ProviderConfig");
    // suffix for identifying the SunPKCS11-Solaris provider
    private static final String P11_SOL_NAME = "SunPKCS11";
    // config file argument of the SunPKCS11-Solaris provider
    private static final String P11_SOL_ARG  =
        "${java.home}/conf/security/sunpkcs11-solaris.cfg";
    // maximum number of times to try loading a provider before giving up
    private static final int MAX_LOAD_TRIES = 30;
    // could be provider name (module) or provider class name (legacy)
    private final String provName;
    // argument to the Provider.configure() call, never null
    private final String argument;
    // number of times we have already tried to load this provider
    private int tries;
    // Provider object, if loaded
    private volatile Provider provider;
    // flag indicating if we are currently trying to load the provider
    // used to detect recursion
    private boolean isLoading;
    ProviderConfig(String provName, String argument) {
        if (provName.endsWith(P11_SOL_NAME) && argument.equals(P11_SOL_ARG)) {
            checkSunPKCS11Solaris();
        }
        this.provName = provName;
        this.argument = expand(argument);
    }
    ProviderConfig(String provName) {
        this(provName, "");
    }
    ProviderConfig(Provider provider) {
        this.provName = provider.getName();
        this.argument = "";
        this.provider = provider;
    }
    // check if we should try to load the SunPKCS11-Solaris provider
    // avoid if not available (pre Solaris 10) to reduce startup time
    // or if disabled via system property
    private void checkSunPKCS11Solaris() {
        Boolean o = AccessController.doPrivileged(
                                new PrivilegedAction<Boolean>() {
            public Boolean run() {
                File file = new File("/usr/lib/libpkcs11.so");
                if (file.exists() == false) {
                    return Boolean.FALSE;
                }
                if ("false".equalsIgnoreCase(System.getProperty
                        ("sun.security.pkcs11.enable-solaris"))) {
                    return Boolean.FALSE;
                }
                return Boolean.TRUE;
            }
        });
        if (o == Boolean.FALSE) {
            tries = MAX_LOAD_TRIES;
        }
    }
    private boolean hasArgument() {
        return argument.length() != 0;
    }
    // should we try to load this provider?
    private boolean shouldLoad() {
        return (tries < MAX_LOAD_TRIES);
    }
    // do not try to load this provider again
    private void disableLoad() {
        tries = MAX_LOAD_TRIES;
    }
    boolean isLoaded() {
        return (provider != null);
    }
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof ProviderConfig == false) {
            return false;
        }
        ProviderConfig other = (ProviderConfig)obj;
        return this.provName.equals(other.provName)
            && this.argument.equals(other.argument);
    }
    public int hashCode() {
        return provName.hashCode() + argument.hashCode();
    }
    public String toString() {
        if (hasArgument()) {
            return provName + "('" + argument + "')";
        } else {
            return provName;
        }
    }
    /**
     * Get the provider object. Loads the provider if it is not already loaded.
     */
    // com.sun.net.ssl.internal.ssl.Provider has been deprecated since JDK 9
    @SuppressWarnings("deprecation")
    synchronized Provider getProvider() {
        // volatile variable load
        Provider p = provider;
        if (p != null) {
            return p;
        }
        if (shouldLoad() == false) {
            return null;
        }
        // Create providers which are in java.base directly
        if (provName.equals("SUN") || provName.equals("sun.security.provider.Sun")) {
            p = new sun.security.provider.Sun();
        } else if (provName.equals("SunRsaSign") || provName.equals("sun.security.rsa.SunRsaSign")) {
            p = new sun.security.rsa.SunRsaSign();
        } else if (provName.equals("SunJCE") || provName.equals("com.sun.crypto.provider.SunJCE")) {
            p = new com.sun.crypto.provider.SunJCE();
        } else if (provName.equals("SunJSSE") || provName.equals("com.sun.net.ssl.internal.ssl.Provider")) {
            p = new com.sun.net.ssl.internal.ssl.Provider();
        } else if (provName.equals("Apple") || provName.equals("apple.security.AppleProvider")) {
            // need to use reflection since this class only exists on MacOsx
            p = AccessController.doPrivileged(new PrivilegedAction<Provider>() {
                public Provider run() {
                    try {
                        Class<?> c = Class.forName("apple.security.AppleProvider");
                        if (Provider.class.isAssignableFrom(c)) {
                            @SuppressWarnings("deprecation")
                            Object tmp = c.newInstance();
                            return (Provider) tmp;
                        } else {
                            return null;
                        }
                    } catch (Exception ex) {
                        if (debug != null) {
                        debug.println("Error loading provider Apple");
                        ex.printStackTrace();
                    }
                    return null;
                }
             }
             });
        } else {
            if (isLoading) {
                // because this method is synchronized, this can only
                // happen if there is recursion.
                if (debug != null) {
                    debug.println("Recursion loading provider: " + this);
                    new Exception("Call trace").printStackTrace();
                }
                return null;
            }
            try {
                isLoading = true;
                tries++;
                p = doLoadProvider();
            } finally {
                isLoading = false;
            }
        }
        provider = p;
        return p;
    }
    /**
     * Load and instantiate the Provider described by this class.
     *
     * NOTE use of doPrivileged().
     *
     * @return null if the Provider could not be loaded
     *
     * @throws ProviderException if executing the Provider's constructor
     * throws a ProviderException. All other Exceptions are ignored.
     */
    private Provider doLoadProvider() {
        return AccessController.doPrivileged(new PrivilegedAction<Provider>() {
            public Provider run() {
                if (debug != null) {
                    debug.println("Loading provider " + ProviderConfig.this);
                }
                try {
                    Provider p = ProviderLoader.INSTANCE.load(provName);
                    if (p != null) {
                        if (hasArgument()) {
                            p = p.configure(argument);
                        }
                        if (debug != null) {
                            debug.println("Loaded provider " + p.getName());
                        }
                    } else {
                        if (debug != null) {
                            debug.println("Error loading provider " +
                                ProviderConfig.this);
                        }
                        disableLoad();
                    }
                    return p;
                } catch (Exception e) {
                    if (e instanceof ProviderException) {
                        // pass up
                        throw e;
                    } else {
                        if (debug != null) {
                            debug.println("Error loading provider " +
                                ProviderConfig.this);
                            e.printStackTrace();
                        }
                        disableLoad();
                        return null;
                    }
                } catch (ExceptionInInitializerError err) {
                    // no sufficient permission to initialize provider class
                    if (debug != null) {
                        debug.println("Error loading provider " + ProviderConfig.this);
                        err.printStackTrace();
                    }
                    disableLoad();
                    return null;
                }
            }
        });
    }
    /**
     * Perform property expansion of the provider value.
     *
     * NOTE use of doPrivileged().
     */
    private static String expand(final String value) {
        // shortcut if value does not contain any properties
        if (value.contains("${") == false) {
            return value;
        }
        return AccessController.doPrivileged(new PrivilegedAction<String>() {
            public String run() {
                try {
                    return PropertyExpander.expand(value);
                } catch (GeneralSecurityException e) {
                    throw new ProviderException(e);
                }
            }
        });
    }
    // Inner class for loading security providers listed in java.security file
    private static final class ProviderLoader {
        static final ProviderLoader INSTANCE = new ProviderLoader();
        private final ServiceLoader<Provider> services;
        private ProviderLoader() {
            // VM should already been booted at this point, if not
            // - Only providers in java.base should be loaded, don't use
            //   ServiceLoader
            // - ClassLoader.getSystemClassLoader() will throw InternalError
            services = ServiceLoader.load(java.security.Provider.class,
                                          ClassLoader.getSystemClassLoader());
        }
        /**
         * Loads the provider with the specified class name.
         *
         * @param name the name of the provider
         * @return the Provider, or null if it cannot be found or loaded
         * @throws ProviderException all other exceptions are ignored
         */
        public Provider load(String pn) {
            if (debug != null) {
                debug.println("Attempt to load " + pn + " using SL");
            }
            Iterator<Provider> iter = services.iterator();
            while (iter.hasNext()) {
                try {
                    Provider p = iter.next();
                    String pName = p.getName();
                    if (debug != null) {
                        debug.println("Found SL Provider named " + pName);
                    }
                    if (pName.equals(pn)) {
                        return p;
                    }
                } catch (SecurityException | ServiceConfigurationError |
                         InvalidParameterException ex) {
                    // if provider loading fail due to security permission,
                    // log it and move on to next provider
                    if (debug != null) {
                        debug.println("Encountered " + ex +
                            " while iterating through SL, ignore and move on");
                            ex.printStackTrace();
                    }
                }
            }
            // No success with ServiceLoader. Try loading provider the legacy,
            // i.e. pre-module, way via reflection
            try {
                return legacyLoad(pn);
            } catch (ProviderException pe) {
                // pass through
                throw pe;
            } catch (Exception ex) {
                // logged and ignored
                if (debug != null) {
                    debug.println("Encountered " + ex +
                        " during legacy load of " + pn);
                        ex.printStackTrace();
                }
                return null;
            }
        }
        private Provider legacyLoad(String classname) {
            if (debug != null) {
                debug.println("Loading legacy provider: " + classname);
            }
            try {
                Class<?> provClass =
                    ClassLoader.getSystemClassLoader().loadClass(classname);
                // only continue if the specified class extends Provider
                if (!Provider.class.isAssignableFrom(provClass)) {
                    if (debug != null) {
                        debug.println(classname + " is not a provider");
                    }
                    return null;
                }
                Provider p = AccessController.doPrivileged
                    (new PrivilegedExceptionAction<Provider>() {
                    @SuppressWarnings("deprecation") // Class.newInstance
                    public Provider run() throws Exception {
                        return (Provider) provClass.newInstance();
                    }
                });
                return p;
            } catch (Exception e) {
                Throwable t;
                if (e instanceof InvocationTargetException) {
                    t = ((InvocationTargetException)e).getCause();
                } else {
                    t = e;
                }
                if (debug != null) {
                    debug.println("Error loading legacy provider " + classname);
                    t.printStackTrace();
                }
                // provider indicates fatal error, pass through exception
                if (t instanceof ProviderException) {
                    throw (ProviderException) t;
                }
                return null;
            } catch (ExceptionInInitializerError | NoClassDefFoundError err) {
                // no sufficient permission to access/initialize provider class
                if (debug != null) {
                    debug.println("Error loading legacy provider " + classname);
                    err.printStackTrace();
                }
                return null;
            }
        }
    }
}
Back to index...